OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Threat details
OSPF is a routing protocol defined by RFC 2328. OSPF packets use IP protocol number 89.
This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic.
The attacker could trigger this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause flushing of the routing table on a targeted router, as well as propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.
To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability.
Since OSPF processes unicast packets as well as multicast packets, this vulnerability can be exploited remotely and can be used to target multiple systems on the local segment simultaneously.
OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability.
For further information see Cisco Security Advisory: cisco-sa-20130801-lsaospf
Remediation advice
Users and administrators are encouraged to:Remediation steps
Last edited: 17 February 2020 11:37 am